Re: SMTP, 2600, and the security of mail

Mark Crispin (MRC@SIMTEL20.ARPA)
Mon 29 Sep 86 02:51:33-MDT

Oh wow, big deal, so the little phone phreaks has discovered how to
talk to SMTP servers? I mean, am I supposed to be impressed with
how bright they are or something?

The Internet protocols are insecure by nature. A reasonably suspicious
host should always record the host name or IP address of the how which
actually connected to the SMTP server (the real host, not what was
claimed in a HELO). Some hosts prevent random user programs from
making TCP connections to the SMTP port (I think Multics does), but
basically beyond knowing what host composed the message the end user
should be reasonably suspicious about any mail s/he receives. After
all, even IP addresses can be faked, although I suspect inpersonating
the IP address of MIT-MULTICS is beyond the technical expertise of
your average phone phreak (it requires actually KNOWING something).

This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:36:36 GMT